Re: What exactly is secedit.sdb
From: Peter Clark (clark_at_hushmail.com)
Date: 04/30/03
- Next message: Jeff: "Secure.exe problems after last auto upgrade"
- Previous message: Peter Clark: "User name change (Rename)"
- In reply to: Daniel Billingsley: "Re: What exactly is secedit.sdb"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Apr 2003 16:37:48 -0700
secedit.sdb is mostly all of local security policy
(secpol.msc) - local group policy (gpedit.msc) also
includes the gui from local security policy, however it
also includes many other settings which are stored here:
C:\WINNT\system32\GroupPolicy\Machine\Registry.pol
and yes to your last question.
>-----Original Message-----
>So, to further clarify...
>when the documentation talks about the "local group
policy" it's essentially
>talking about this database, right? Yes, I understand as
with most (all?)
>group policy settings, they are ultimately registry settings.
>
>And when the machine goes through it's periodic policy
refresh procedure, it
>would look first in the local secedit.sdb and compare to
the registry, and
>then pull down from AD, according to the order of policy
settings priority,
>right?
>
>"Nick Finco [MSFT]" <nfinco@online.microsoft.com> wrote in
message
>news:%23tsWvFoDDHA.2824@TK2MSFTNGP11.phx.gbl...
>> There aren't any hidden settings. You should use the
Local Security
>Policy
>> editor (secpol.msc) to edit this database. On WinXP,
Local Security
>Policy
>> edits the machine's security settings directly so there
is nothing stored
>> for it in secedit.sdb. This DB is also used while
processing domain group
>> policy.
>>
>> N
>>
>> --
>> This posting is provided "AS IS" with no warranties, and
confers no
>rights.
>> Any included script samples are subject to the terms
specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>>
>> "Peter Clark" <clark@hushmail.com> wrote in message
>> news:02c101c30e7e$d4e23ad0$a101280a@phx.gbl...
>> > it stores a copy of many security settings. the real
>> > settings are stored in the registry/filesystem. the
>> > secedit.sdb refreshes the registry when "applying security
>> > policy"
>> >
>> > secedit.sdb holds the following settings:
>> >
>> > [System Access]
>> > \Account Policy\Password Policy\
>> > [System Access]
>> > \Account Policy\Account Lockout Policy\
>> > [Kerberos Policy]
>> > \Account Policy\Kerberos Policy\
>> > [Event Audit]
>> > \Local Policies\Audit Policy\
>> > [Privilege Rights]
>> > \Local Policies\USer Rights Assignment\
>> > [Registry Values]
>> > \Local Policies\Security Options\
>> > [System Access]++
>> > Automatically log off users when logon time expires
(local)
>> > Secure system partition (for RISC platforms only)
>> > \Event log\Settings for Event logs\
>> > [Event Audit]
>> > [Application/Security/System Log]
>> > Restricted Groups
>> > System Services
>> > Registry
>> > File System
>> >
>> > though on 2k/xp pro some of this settings are hidden
in the
>> > secedit.sdb, however a simple "modification" can correct
>> > this, adding to fuctionality ;-) i have some rough
notes on
>> > the settings if your interested - email me.
>> >
>> >
>> > >-----Original Message-----
>> > >I understand c:\winnt\security\database\secedit.sdb is
>> > crucial to lots of
>> > >security settings, but I can't find anywhere in the
doc or
>> > technet that
>> > >explains what exactly it is.
>> > >
>> > >Is it just the database that stores the local group
policy?
>>
>>
>
>
>.
>
- Next message: Jeff: "Secure.exe problems after last auto upgrade"
- Previous message: Peter Clark: "User name change (Rename)"
- In reply to: Daniel Billingsley: "Re: What exactly is secedit.sdb"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
